Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20230929 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.1.1.15 -> 7.1.1.17) Mesa (23.1.7 -> 23.1.8) Mesa-drivers (23.1.7 -> 23.1.8) MozillaFirefox (117.0.1 -> 118.0.1) apache2-mod_php8 apparmor argyllcms (2.3.1 -> 3.0.0) autoyast2 (4.6.2 -> 5.0.1) avahi avahi-glib2 branding-openSUSE cairo (1.17.8 -> 1.18.0) distribution-logos-openSUSE (20220322 -> 20230921) drbd firewalld flashrom (1.2 -> 1.3.0) git glibc gnome-control-center gnome-mahjongg (3.40.0 -> 3.40.0+35) gnome-music gnome-tweaks (42.beta+60 -> 45.0) gnustep-base gpg2 (2.3.8 -> 2.4.0) gpgme gpgmeqt grantleetheme graphite2 gstreamer (1.22.5 -> 1.22.6) gstreamer-plugins-bad (1.22.5 -> 1.22.6) gstreamer-plugins-base (1.22.5 -> 1.22.6) gstreamer-plugins-good (1.22.5 -> 1.22.6) gstreamer-plugins-libav (1.22.5 -> 1.22.6) gstreamer-plugins-rs (0.10.11 -> 1.22.6) gstreamer-plugins-ugly (1.22.5 -> 1.22.6) highway (1.0.5 -> 1.0.7) imlib2 (1.12.0 -> 1.12.1) java-11-openjdk kcalutils kio libHX (4.14 -> 4.15) libapparmor libblockdev (2.28 -> 3.0.2) libbytesize libdrm libguestfs libjxl libnma libqt5-qtbase libreoffice (7.6.1.1 -> 7.6.1.2) libsecret (0.21.0 -> 0.21.1) libsolv (0.7.24 -> 0.7.25) libssh libstorage-ng (4.5.141 -> 4.5.143) libvpx llvm17 (16.0.6 -> 17.0.1) mozjs115 (115.2.0 -> 115.2.1) mpg123 (1.31.3 -> 1.32.2) open-vm-tools openssl-3 (3.1.2 -> 3.1.3) openssl (3.1.2 -> 3.1.3) ovmf (202305 -> 202308) p11-kit (0.24.1 -> 0.25.0) perl-HTTP-Message (6.44 -> 6.450.0) perl-Net-DNS (1.39 -> 1.400.0) php8 polkit-default-privs (1550+20230912.0978001 -> 1550+20230920.74aeded) python-alembic (1.11.2 -> 1.12.0) python-constantly python-greenlet (2.0.2 -> 3.0.0~rc3) python-netaddr (0.8.0 -> 0.9.0) python-qt5-sip (12.12.1 -> 12.12.2) python-reportlab (3.6.12 -> 3.6.13) python-tornado6 (6.3.2 -> 6.3.3) rdma-core (47.0 -> 48.0) rubygem-agama (3.devel43 -> 4) sddm sdl12_compat (1.2.64 -> 1.2.68) smartmontools stoken (0.92 -> 0.93) swtpm (0.8.0 -> 0.8.1) systemd tracker tuned (2.20.0.18+git.7b1a20b -> 2.21.0.0+git.670541d) udisks2 (2.9.4 -> 2.10.0) unar vsftpd xdg-utils (1.1.3+20230830 -> 1.1.3+20230831) yast2-bootloader (4.6.2 -> 5.0.2) yast2-installation (4.6.7 -> 5.0.1) yast2-python-bindings (4.6.0 -> 5.0.1) yast2-schema (4.6.1 -> 5.0.1) yast2-storage-ng (4.6.12 -> 5.0.1) yast2-trans (84.87.20230913.43f962446c -> 84.87.20230922.91d997adab) yast2-users (4.6.4 -> 5.0.1) === Details === ==== ImageMagick ==== Version update (7.1.1.15 -> 7.1.1.17) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.17 * upstream changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-17---2023-... - modified patches % ImageMagick-library-installable-in-parallel.patch (refreshed) - follow upstream, create open, limited, secure and websafe alternative configuration packages with different policy.xml - removing p7zip redundant dependency ==== Mesa ==== Version update (23.1.7 -> 23.1.8) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Backport upstream patches for compatibility with LLVM 17: * U_llvmpipe-only-include-old-Transform-includes-when-ne.patch removes unneeded includes of header files that no longer exist. * U_clover-llvm-move-to-modern-pass-manager.patch migrates Clover to the new pass manager, since the old PM has been removed. - disable nine on arm/aarch64 in the hope to fix build on this platform; there is no need for Direct3D/Wine for arm/aarch64 anyway ... - Update to bugfix release 23.1.8: - -> https://docs.mesa3d.org/relnotes/23.1.8.html ==== Mesa-drivers ==== Version update (23.1.7 -> 23.1.8) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Backport upstream patches for compatibility with LLVM 17: * U_llvmpipe-only-include-old-Transform-includes-when-ne.patch removes unneeded includes of header files that no longer exist. * U_clover-llvm-move-to-modern-pass-manager.patch migrates Clover to the new pass manager, since the old PM has been removed. - disable nine on arm/aarch64 in the hope to fix build on this platform; there is no need for Direct3D/Wine for arm/aarch64 anyway ... - Update to bugfix release 23.1.8: - -> https://docs.mesa3d.org/relnotes/23.1.8.html ==== MozillaFirefox ==== Version update (117.0.1 -> 118.0.1) - Mozilla Firefox 118.0.1 MFSA 2023-44 (bsc#1215814) * CVE-2023-5217 (bmo#1855550), Heap buffer overflow in libvpx - Mozilla Firefox 118.0 MFSA 2023-41 (bsc#1215575) * CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1 * CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps * CVE-2023-5170 (bmo#1846686) Memory leak from a privileged process * CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler * CVE-2023-5172 (bmo#1852218) Memory Corruption in Ion Hints * CVE-2023-5173 (bmo#1823172) Out-of-bounds write in HTTP Alternate Services * CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows * CVE-2023-5175 (bmo#1849704) Use-after-free of ImageBitmap during process shutdown * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 - requires NSS 3.93 - add mozilla-bmo1822730.patch - deactivated KDE integration temporarily (removed mozilla-kde.patch and firefox-kde.patch for now) ==== apache2-mod_php8 ==== - add missing references to rpm changelog - 15sp4 only: [bsc#1200772], [jsc#SLE-24723] add pecl, pear [jsc#SLE-23639] version update ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Fix pam_apparmor %post and %postun scripts to handle pam-config errors (bsc#1215596) ==== argyllcms ==== Version update (2.3.1 -> 3.0.0) - Update to 3.0.0: * Updated ccast/axTLS to get ChromCast working again with latest Google CC operating software. * Extensive re-write/re-factor of icclib to make it more future-proof. See https://www.argyllcms.com/doc/ChangesSummary.html for details. * Added ref/ColorCheckerPassport.ti2 and ref/ColorCheckerHalfPassport.ti2 to allow measuring ColorCheckerPassport with instrument. * Fixed bug in Munki spectro hi-res mode with some instruments. Luminance matching between normal and hi-res was sometimes quite poor. * Added ARGYLL_CREATE_DISPLAY_PROFILE_WITHOUT_CHAD environment variable. * Changed colprof -U flag to -u. Changed dispcal -J flag to -K to accommodate a potential new flag for colprof and dispcal. * Added workaround for bug in madHcNet64.dll32/64.dll which sometimes causes failure. * Added delay after USB set_config on OS X to help Spyder 3/4 on Ventura OS. * Added -Y parameter to dispwin to override automatic patch delay. * Changed i1d3 driver to cope with Rev. B "0x83" error robustly. This should fix any issues measuring low level Red only patch values on OLED displays, but with slower measurements when this occurs. * Added spotread -Y S option to save spectral sensitivity curves and added corresponding support in i1d3 driver. This allows for comparison of different instruments factory calibrations. * Added a -h scale parameter to dispread, to allow the automatic instrument calibration test patch values to be scaled down from their default 100% value. This is useful with HDR displays. * Added manifest to MSWindows executables to use UTF-8 code pages on Windows 1903 and later. This should improve non-ASCII filename and path handling. * Added a Violet colorant to the targen colorant list. * Fixed problem with OS X 64 bit backwards compatibility where it failed to locate serial instruments when the binaries are run on OS X V12 or latter machines. * Fixed bug in i1Pro3 driver where it was not returning the correct measurement conditions enum. * Fixed spotread so that ambient measure for monochrome sources doesn't error out due to bad CCT/VCT/VDT. Also change -T so that it suppresses CCT etc. if ambient mode is used. * Added hacky workaround to strange Mac M2/rosetta bug in del_i1proimp(). - Make the argyllcms-doc package noarch. ==== autoyast2 ==== Version update (4.6.2 -> 5.0.1) Subpackages: autoyast2-installation - Added several LUKS-related elements to the partitioning schema (jsc#PED-3878, jsc#PED-5518). - 5.0.1 - 5.0.0 (#bsc1185510) ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Don't require sudo. There is no indication it's actually used for anything. ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - Don't require sudo. There is no indication it's actually used for anything. ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE - Enable grub2-branding on ppc64le. patterns-microos-base has Requires (grub2-branding-openSUSE if grub2). So we need the branding. ==== cairo ==== Version update (1.17.8 -> 1.18.0) Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2 - Update to version 1.18.0: + The first stable cairo release in five years should be cause for celebration. + All the API added in the 1.17 development cycle is now considered stable, and will not change. + Many thanks to all the contributors for this release. + The cairo-sphinx tool has been removed; we could not find any instruction on how to use it, and no user answered our call for help. If you were using cairo-sphinx, please reach out to the cairo maintainers. + Cairo now implements Type 3 color fonts for PDF. + Multiple documentation fixes, to ensure that the cairo API reference is up to date. Also fixed multiple compiler warnings generated when building cairo. + The XML surface has been removed; it was disabled by default when building cairo, and we could not find any downstream distributor that would enable it. + The Tee surface is now automatically enabled. Downstream distributors of cairo have been enabling for years it in order to build Firefox. + Fixed multiple issues with the DWrite font backend. + Improved the Quartz surface; mainly, Quartz surfaces now use the main display ColorSpace, speeding up rendering operations. + Cairo now hides all private symbols by default on every platform; the old "slim" symbols hack to alias internally used symbols has been dropped, in favor of using `-Bsymbolic-functions` with toolchains that support it. + Fixed multiple memory leaks in the code base and test suite, and general maintenance. + Added new API to expose the Pixman dithering filter to cairo patterns; this is currently implemented only for image surfaces. - Drop patches fixed upstream: + cairo-1.17.8-fix-tee-compilation.patch + cairo-1.17.8-ft-font-missing-glyph.patch - Rebase patches with quilt. - Stop passing xml=disabled to meson setup, xml backend is dropped. ==== distribution-logos-openSUSE ==== Version update (20220322 -> 20230921) Subpackages: distribution-logos-openSUSE-Tumbleweed distribution-logos-openSUSE-icons - Add Aeon branding ==== drbd ==== - drbd: fix build error against kernel v6.5.4 (boo#1215699) * add upstream patch + 0001-drbd-allow-transports-to-take-additional-krefs-on-a-.patch + 0002-drbd-improve-decision-about-marking-a-failed-disk-Ou.patch + 0003-drbd-fix-error-path-in-drbd_get_listener.patch + 0004-drbd-build-fix-spurious-re-build-attempt-of-compat.p.patch + 0005-drbd-log-error-code-when-thread-fails-to-start.patch + 0006-drbd-log-numeric-value-of-drbd_state_rv-as-well-as-s.patch + 0007-drbd-stop-defining-__KERNEL_SYSCALLS__.patch + 0008-compat-block-introduce-holder-ops.patch + 0009-drbd-reduce-net_ee-not-empty-info-to-a-dynamic-debug.patch + 0010-drbd-do-not-send-P_CURRENT_UUID-to-DRBD-8-peer-when-.patch + 0011-compat-block-pass-a-gendisk-to-open.patch + 0012-drbd-Restore-DATA_CORKED-and-CONTROL_CORKED-bits.patch + 0013-drbd-remove-unused-extern-for-conn_try_outdate_peer.patch + 0014-drbd-include-source-of-state-change-in-log.patch + 0015-compat-block-use-the-holder-as-indication-for-exclus.patch + 0016-drbd-Fix-net-options-set-defaults-to-not-clear-the-t.patch + 0017-drbd-propagate-exposed-UUIDs-only-into-established-c.patch + 0018-drbd-rework-autopromote.patch + 0019-compat-block-remove-the-unused-mode-argument-to-rele.patch + 0020-drbd-do-not-allow-auto-demote-to-be-interrupted-by-s.patch * add suse special patch + bsc-1215699_fix-build-error-against-kernel-v6.5.4.patch ==== firewalld ==== Subpackages: firewalld-bash-completion firewalld-zsh-completion python3-firewall - python3-dbus isn't correct either, it's python3-dbus-python. - Correct Requires, python3-slip-dbus -> python3-dbus. ==== flashrom ==== Version update (1.2 -> 1.3.0) - Update to 1.3.0 - See changelog at https://www.flashrom.org/Flashrom/1.3 - Removed patches (merged upstream): - flashrom-install-man-file.patch - flashrom-j-link-spi.patch ==== git ==== Subpackages: git-core git-email git-svn git-web perl-Git - Downgrade openssh dependency to recommends (bsc#1215533) ==== glibc ==== Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - fstat-implementation.patch: io: Do not implement fstat with fstatat - getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884) - getcanonname-use-after-free.patch: getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806, bsc#1215281, BZ #30843) - Do not build any cross packages in SLES - no-aaaa-read-overflow.patch: Stack read overflow with large TCP responses in no-aaaa mode (CVE-2023-4527, bsc#1215280, BZ #30842) - Add systemd to passwd, group and shadow lookups (jsc#PED-5188) - ppc64-flock-fob64.patch: io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 (BZ #30804) - libio-io-vtables.patch: libio: Fix oversized __io_vtables - call-init-proxy-objects.patch: elf: Do not run constructors for proxy objects - dtors-reverse-ctor-order.patch: elf: Always call destructors in reverse constructor order (BZ #30785) - intl-c-utf-8-like-c-locale.patch: intl: Treat C.UTF-8 locale like C locale (BZ #16621) - glibc-disable-gettext-for-c-utf8.patch: Removed ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces - Add gnome-control-center-add-user-button.patch: Show add user button when user is a normal user (bsc#1215556 glgo#GNOME/Settings!1927). ==== gnome-mahjongg ==== Version update (3.40.0 -> 3.40.0+35) - Update to version 3.40.0+35: + window: always show number of moves left + gnome-mahjongg: update 'moves left' on tile match and restart + game: Only create a single timer + User help: Correct dead IRC link + Updated translations. - Switch to service, git checkout of current head. ==== gnome-music ==== - Explicitly create the pycache/.pyc files, not relying on the generation done by meson. Should make the package reproducible. ==== gnome-tweaks ==== Version update (42.beta+60 -> 45.0) - Update to version 45.0: + This release removes several features now found in GNOME Settings. There are also some small interface refreshments in preparation for the GTK4 upgrade. More significantly, the core interface has been refactored to use layout files. + Updated translations. - Switch compression to zst both in service and tarball produced. ==== gnustep-base ==== - use pkgconfig(icu-uc) to use the current libicu. (jsc#PED-6193) ==== gpg2 ==== Version update (2.3.8 -> 2.4.0) Subpackages: dirmngr - Install the systemd user units in the _userunitdir [bsc#1201564] * Note that, there is no activation by default. * Rework excludes in the spec's files section. - Temporarily revert back to the pre-2.4 default for key generation. The new rfc4880bis has been set as the default in 2.4 version and might create incompatible keys. Note that, rfc4880bis can still be used with the option flag --rfc4880bis as in previous versions. * More info in the gnupg-devel ML: https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 * Add gnupg-revert-rfc4880bis.patch - Allow 8192 bit RSA keys in keygen UI when large_rsa is set * Add gnupg-allow-large-rsa.patch - Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 * The original patch has been modified to expand the changes also to the tests/gpgme/Makefile.in file. * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - Updated to require libgpg-error-devel >= 1.46 - Rebased patches: * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch * gnupg-add_legacy_FIPS_mode_option.patch - GnuPG 2.4.0: * common: Fix translations in --help for gpgrt < 1.47. * gpg: Do not continue the export after a cancel for the primary key. * gpg: Replace use of PRIu64 in log_debug. * Update NEWS for 2.4.0. * tests: Fix make check with GPGME. * agent: Allow arguments to "scd serialno" in restricted mode. * scd:p15: Skip deleted records. * build: Remove Windows CE support. * wkd: Do not send/install/mirror expired user ids. * gpgsm: Print the revocation time also with --verify. * gpgsm: Fix "problem re-searching certificate" case. * gpgsm: Print revocation date and reason in cert listings. * gpgsm: Silence the "non-critical certificate policy not allowed". * gpgsm: Always use the chain model if the root-CA requests this. * gpg: New export option "mode1003". * gpg: Remove a mostly duplicated function. * tests: Simplify fake-pinentry to use the option only. * tests: Fix fake-pinentry for Windows. * tests: Fix make check-all. * agent: Fix import of protected v5 keys. * gpgsm: Change default algo to AES-256. * tests: Put a workaround for semihosted environment. * tests: More fix for semihosted environment. * tests: Support semihosted environment. * tests: Fix tests under cms. * tests,w32: Fix for semihosted environment. * w32: Fix for tests on semihosted environment. * w32: Fix gnupg_unsetenv. * wkd: New option --add-revocs and some fixes. * wkd: Make use of --debug extprog. * gpg: New export-filter export-revocs. * gpg: Fix double-free in gpg --card-edit. * gpg: Make --require-compliance work with out --status-fd. * gpg: New option --list-filter. * dirmngr: Silence ocsp debug output. * tests: Fix to support --enable-all-tests and variants. * tests:w32: Fix for non-dot file name for Windows. * tests:gpgscm:w32: Fix for GetTempPath. * tests: Keep .log files in objdir. * tests: Use 233 for invalid value of FD. * w32: Fix gnupg_tmpfile for possible failure. * scd: Redact --debug cardio output of a VERIFY APDU. * common: Remove Windows CE support in common. * gpgsm: Fix colon outout of ECC encryption certificates. * scd:nks: Fix ECC signing if key not given by keygrip. * dirmngr: Fix verification of ECDSA signed CRLs. * agent: Allow trustlist on Windows in Unicode homedirs. * gpg: Fix verification of cleartext signatures with overlong lines. * gpg: Move w32_system function. * gpg: New option --quick-update-pref. * gpg: New list-options show-pref and show-pref-verbose. * tests: Add tests to check that OCB is only used for capable keys. * gpg: Make --list-packets work w/o --no-armor for plain OCB packets. * tests: Add symmetric decryption tests. * tests: Add tr:assert-same function. * agent: Avoid blanks in the ssh key's comment. * build: Update m4 files. * gpg: Merge --rfc4880bis features into --gnupg. * gpg: Allow only OCB for AEAD encryption. * gpg: New option --compatibility-flags. * gpgsm: Also announce AES256-CBC in signatures. * gpg: Fix trusted introducer for user-ids with only the mbox. * gpg: Import stray revocation certificates. * agent: Automatically convert to extended key format by KEYATTR. * card: New commands "gpg" and "gpgsm". * card: Also show fingerprints of known X.509 certificates. * scd:nks: Support non-ESIGN signing with the Signature Card v2. * gpgsm: Allow ECC encryption keys with just keyAgreement specified. * gpgsm: Use macro constants for cert_usage_p. * build: Update gpg-error.m4. * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. * gpg: Move NETLIBS after GPG_ERROR_LIBS. * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. * common,w32: Fix struct stat on Windows. * agent,w32: Support Win32-OpenSSH emulation by gpg-agent. * common: Don't use FD2INT for POSIX-only code. * dirmngr: Fix build with no LDAP support. ==== gpgme ==== Subpackages: libgpgme11 libgpgmepp6 - Use GCC 12 for building the Qt6 library on Leap 15. The default compiler is too old. - Use '%{without xxx}' rather than '!%{with xxx}' in spec file - Use GCC 12 for building the Qt6 library. The default compiler is too old. - Use '%{without xxx}' rather than '!%{with xxx}' in spec file ==== gpgmeqt ==== - Use GCC 12 for building the Qt6 library on Leap 15. The default compiler is too old. - Use '%{without xxx}' rather than '!%{with xxx}' in spec file - Use GCC 12 for building the Qt6 library. The default compiler is too old. - Use '%{without xxx}' rather than '!%{with xxx}' in spec file ==== grantleetheme ==== - Fix runtime dependencies (boo#1212455, boo#1215517) ==== graphite2 ==== - fixed license string [bsc#1207676]: LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later ==== gstreamer ==== Version update (1.22.5 -> 1.22.6) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.6: + Highlighted bugfixes: - Security fixes for the MXF demuxer and H.265 video parser - Fix latency regression in H.264 hardware decoder base class - androidmedia: fix HEVC codec profile registration and fix coded_data handling - decodebin3: fix switching from a raw stream to an encoded stream - gst-inspect: prettier and more correct signal and action signals printing - rtmp2: Allow NULL flash version, omitting the field, for better RTMP server compatibility - rtspsrc: better compatibility with buggy RTSP servers that don't set a clock-rate - rtpjitterbuffer: fix integer overflow that led to more packets being declared lost than have been lost - v4l2: fix video encoding regression on RPi and fix support for left and top padding - waylandsink: Crop surfaces to their display width height - cerbero: Recognise Manjaro; add Rust support for MSVC ARM64; cmake detection fixes - Various bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - gst-inspect: prettier and more correct signal printing, and print action signals in g_signal_emit_by_name() format - gst-launch: Disable fault signal handlers on macOS - Rebase reduce-required-meson.patch ==== gstreamer-plugins-bad ==== Version update (1.22.5 -> 1.22.6) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.6: + audiolatency: Forward latency query and event upstream + av1parser: Fix segmentation params update + codecparsers: Fix MPEG-1 aspect ratio table + d3d11convert: Passthrough allocation query on same caps + h264decoder: Update latency dynamically + h265parser: - Allow partially broken hvcC data - Fix possible overflow using max_sub_layers_minus1 + hlssink2: Always use forward slash separator + mdns: Fix a crash on context error + mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video and check channels for AES3 + nvencoder: Fix negotiation error when interlace-mode is unspecified + rtmp2: Allow NULL flash version, omitting the field + rtmp2sink: fix crash if message conversion failed + transcodebin: Fixes for upstream selectable support + va: Fix in error logs functions mismatches + waylandsink: - Crop surfaces to their display width height - Fix cropping for video with non-square aspect ratio + webrtc: Fix docs for create-data-channel action signal - Rebase reduce-required-meson.patch ==== gstreamer-plugins-base ==== Version update (1.22.5 -> 1.22.6) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.22.6: + audio: Make sure to stop ringbuffer on error + decodebin3: - Avoid identity, sinkpad, parsebin leakage when reset input - Ensure the slot is unlinked before linking to decoder + sdp: - Fix wrong debug log error message for missing clock-rate in caps - Parse zero clock-rate as default - Rebase reduce-required-meson.patch ==== gstreamer-plugins-good ==== Version update (1.22.5 -> 1.22.6) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml - Update to version 1.22.6: + adaptivedemux2: fix memory leak + pulsedeviceprovider: fix incorrect usage of GST_ELEMENT_ERROR + qt: - Unbreak build with qt-egl enabled but viv_fb missing - Fix searching of qt5/qt6 tools with qmake in Meson + qtdemux: - Fix premature EOS when some files are played in push mode - Attach cbcs crypt info at the right moment + rtpjitterbuffer: Avoid integer overflow in max saveable packets calculation with negative offset + videoflip: fix concurrent access when modifying the tag list + v4l2: - allocator: Don't close foreign dmabuf - bufferpool: . Fix large encoded stream regression . Problems when checking for truncated buffer - Fix support for left and top padding + v4l2object: clear format lists if source change event is received - Rebase reduce-required-meson.patch - Add libqt5-linguist BuildRequires: New dependency. ==== gstreamer-plugins-libav ==== Version update (1.22.5 -> 1.22.6) - Update to version 1.22.6: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-rs ==== Version update (0.10.11 -> 1.22.6) - Update to version 1.22.6: + fallbackswitch: locking/deadlock fixes + onvifmetadataparse: Skip metadata frames with unrepresentable UTC time + transcriberbin: Configure audioresample in front of transcriber + webrtcsink: - Propagate GstContext messages - Add support for d3d11 memory and qsvh264enc - Fix TWCC extension adding - Don't forget to setup encoders for discoveries - NVIDIA V4L2 encoders always require NVMM memory + meson: Fix handling of optional deps, and don't require Python-3.8 - Switch service to do the tag released with the other gstreamer packages. Gstreamer-plugins-rs are now released at the same time as the gstreamer main packages. - Switch compression to zst both in service and tarball produced. ==== gstreamer-plugins-ugly ==== Version update (1.22.5 -> 1.22.6) - Update to version 1.22.6: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== highway ==== Version update (1.0.5 -> 1.0.7) - Update to release 1.0.7 * Add LoadNOr, GatherIndexN, ScatterIndexN * Add additional float<->int conversions * Codegen improvements for 8-bit shift, PPC Compress/Expand - Update to release 1.0.6 * Add MaskedGatherIndex, MaskedScatterIndex, LoadN, StoreN, SatWidenMulPairwiseAdd, SumOfMulQuadAccumulate, PromoteUpperLowerTo. * Add F64 for Wasm, F64 AbsDiff * Validate all D args in x86 function signatures ==== imlib2 ==== Version update (1.12.0 -> 1.12.1) Subpackages: imlib2-loaders libImlib2-1 - update to 1.12.1: * Fix some clang complaints * scaling: MMX asm scaling causes segv, disable for now * loading: Call module exit function also when not dlclosing module on unload * loaders: Fix build with -m32 --enable-debug * test_load_2: Add forgotten xeyes.png * test_save: Fix for jxl loader on ix86 * test_scale: MMX scaling is disabled * RAW loader: Don't unload loader * loaders: Fix CPPFLAGS order * imlib2_grab, imlib2_view: Unset context colormap * x11_grab: Use correct depth when grabbing ==== java-11-openjdk ==== Subpackages: java-11-openjdk-headless - Added patch: * reproducible-properties.patch + use SOURCE_DATE_EPOCH for timestamp in the generated properties files ==== kcalutils ==== - Fix runtime dependencies (boo#1215517) ==== kio ==== Subpackages: kio-core - Add upstream crash fix (kde#474451) * 0001-Don-t-crash-if-KMountPoint-gives-nothing-back-while-.patch ==== libHX ==== Version update (4.14 -> 4.15) - Update to release 4.15 * Add functions to compute Least Positive Residue (HX_flpr, HX_flprf) * Make HX_strrtrim work on strings longer than INT_MAX ==== libapparmor ==== - Fix pam_apparmor %post and %postun scripts to handle pam-config errors (bsc#1215596) ==== libblockdev ==== Version update (2.28 -> 3.0.2) - Update to version 3.0.2: * Use ntfsinfo instead of ntfscluster for faster bd_fs_ntfs_get_info. * Restrict list of exported symbols via -export-symbols-regex. * lib: Silence the missing DEFAULT_CONF_DIR_PATH. * loop: Report BD_LOOP_ERROR_DEVICE on empty loop devices. * fs: Fix unused error in extract_e2fsck_progress. * fs: Use read-only mount where possible for generic FS functions. * fs: Document that generic functions can mount filesystems. * fs: Avoid excess logging in extract_e2fsck_progress. - Restructure all sub-packages in the spec file to enhance maintainability. - Update to 3.0.1: * New bugfix release of the libblockdev library with multiple fixes. * loop: Define LOOP_SET_BLOCK_SIZE is not defined. And remove bd_loop_get_autoclear definition. * crypto: Remove stray struct redefinition. * fs: Simplify struct BDFSInfo. And add missing copy and free functions to the header file. * vdo_stats: Remove unused libparted include. * lvm: Make _vglock_start_stop static. Fix declaration for bd_lvm_vdolvpoolname. And add bd_lvm_segdata_copy/free to the header file. * Make the conf.d directory versioned. - Changes from version 3.0.0: * New major release of the libblockdev library. This release contains a large API overhaul. * VDO a KBD plugins were removed. * New NVMe plugin was added. * Runtime dependencies are no longer checked during plugin initialization. * Part plugin was rewritten to use libfdisk instead of libparted * Crypto plugin API went through an extensive rewrite. * Support for new technologies was added to the crypto plugin: FileVault2 encryption, DM Integrity, LUKS2 tokens. * Filesystem plugin adds support for btrfs, F2FS, NILFS2, exFAT and UDF. * Support for new filesystem operations was added to the plugin: setting label and UUID, generic mkfs function and API for getting feature support for filesystems. * dmraid support was removed from the DM plugin. * Python 2 support was dropped. - Drop no longer needed libblockdev-fix-libkmod-include.patch - Drop no longer supported sub-packages with their dependencies, and their configure options, following upstream changes: python2 (python-devel), bcache, dmraid (dmraid-devel BuildRequires) and kbd. - Add (gcc >= 11 or gcc11) boolean BuildRequires to ensure the package is buildable on Leap 15.5, where the gcc meta-package is of version 7. - Bump the SO version to 3 for the shared library and GI bindings sub-packages. - Add ext2fs, fdisk, and libkeyutils pkgconfig() BuildRequires. The first is a new dependency for the FS plugin. The second, for the PART plugin. And the latter, for the CRYPTO plugin (before, the explicit_bzero() function would be searched for). - Add libnvme-devel >= 1.3 BuildRequires, and pass --with-nvme to configure, needed for the NVMe plugin (new upstream addition). - Pass --with-tools to configure, ensuring we keep building the libblockdev tools. ==== libbytesize ==== - Rename python3-libbytesize sub-package to python3-bytesize. This is the expected name by its consumers. ==== libdrm ==== Subpackages: libdrm2 libdrm_amdgpu1 libdrm_nouveau2 libdrm_radeon1 - provide/obsolete dropped packages libkms1/libkms-devel (bsc#1215526) - adjusted n_libdrm-drop-valgrind-dep-generic.patch, n_libdrm-drop-valgrind-dep-intel.patch to generated 2.4.116 pkgconfig files in order to fix build against sle15/Leap 15.x ==== libguestfs ==== Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0 - bsc#1215543 - guestfs regression: file: Use -S option with -z Omit-file--S-option-on-older-distros-that-lack-support.patch See also bsc#1215461 - bsc#1215586 - guestfs regression: non functional network due to missing sysconfig-netconfig libguestfs.spec ==== libjxl ==== - Switch from LCMS to SKCMS: libjxl core can use either, but plugins can only use SKCMS. Exercising two CMS simultaneously also is silly. Delete 0001-Remove-LCMS-mutex.patch . - Build plugins: * Add _service file to generate skcms tarball (needed to build plugins). * Add skcms tarball as source and copy extracted dir to ./third_party/ so cmake can find it. * Split out new packages: * gdk-pixbuf-loader-jxl: Pixbuf loader for supported apps. * gimp-plugin-jxl: Plugin to allow gimp to work with JPEG XL files. * jxl-thumbnailer: Thumbnailer and mime files to allow generating thumbnails for JPEG XL files. ==== libnma ==== Subpackages: libnma-glib-schema libnma-gtk4-0 libnma0 typelib-1_0-NMA4-1_0 - Add libnma-glib-schema Requires to libnma-gtk4-0 sub-package, ensure libnma-glib-schema gets installed by default now that gnome-control-center have ported to gtk4. ==== libqt5-qtbase ==== Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - switch icu-devel requires to pkgconfig to allow switching libicu versions ==== libreoffice ==== Version update (7.6.1.1 -> 7.6.1.2) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - libreoffice-draw requires libreoffice-impress from 7.5 onwards, bsc#1215595 - Update to 7.6.1.2: https://wiki.documentfoundation.org/Releases/7.6.1/RC2 ==== libsecret ==== Version update (0.21.0 -> 0.21.1) Subpackages: libsecret-1-0 typelib-1_0-Secret-1 - Update to version 0.21.1: + Fix updating credentials by another process in the same Flatpak sandbox. + Migrate to g_memdup2. + Updated translations. ==== libsolv ==== Version update (0.7.24 -> 0.7.25) Subpackages: libsolv-tools python3-solv ruby-solv - support complex deps in SOLVABLE_PREREQ_IGNOREINST - fix minimization not prefering installed packages in some cases - reduce memory usage in repo_updateinfoxml - fix lock-step interfering with architecture selection - fix choice rule handing for package downgrades - fix complex dependencies with an "else" part sometimes leading to unsolved dependencies - bump version to 0.7.25 ==== libssh ==== Subpackages: libssh-config libssh4 - Enable crypto-policies support: [bsc#1211301] * Rebase libssh_client.config libssh_server.config ==== libstorage-ng ==== Version update (4.5.141 -> 4.5.143) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#949 - reduce manual memory handing - 4.5.143 - merge gh#openSUSE/libstorage-ng#948 - fixed memory leak - more consistent function naming - 4.5.142 ==== libvpx ==== - Fixing CVE-2023-5217 heap buffer overflow (boo#1215778) added CVE-2023-5217.patch ==== llvm17 ==== Version update (16.0.6 -> 17.0.1) Subpackages: clang-tools libclang13 - Update to version 17.0.1. * For details, see the release notes: - https://releases.llvm.org/17.0.1/docs/ReleaseNotes.html - https://releases.llvm.org/17.0.1/tools/clang/docs/ReleaseNotes.html - https://releases.llvm.org/17.0.1/tools/clang/tools/extra/docs/ReleaseNotes.h... - https://releases.llvm.org/17.0.1/projects/libcxx/docs/ReleaseNotes.html - https://releases.llvm.org/17.0.1/tools/lld/docs/ReleaseNotes.html - Rebase patches: * libcxx-test-library-path.patch * llvm_build_tablegen_component_as_shared_library.patch * llvm-do-not-install-static-libraries.patch * llvm-normally-versioned-libllvm.patch * llvm-remove-clang-only-flags.patch * opt-viewer-Find-style-css-in-usr-share.patch - Simplify check-no-llvm-exegesis.patch by removing test directory. - Drop patches that have landed upstream: * openmp-drop-rpath.patch - Add openmp-dont-run-gpu-arch.patch: the binaries are not available in our build, and neither are the toolchains they test for (NV CUDA and AMD HSA). ==== mozjs115 ==== Version update (115.2.0 -> 115.2.1) - Update to version 115.2.1: + Security fix: CVE-2023-4863: Heap buffer overflow in libwebp. ==== mpg123 ==== Version update (1.31.3 -> 1.32.2) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.32.2 * libmpg123: Re-introduce _64 symbols on native 64 bit offset platforms. This was a regression since 1.31 series. Sorry, too much cleanup, not enough testing. * build: + Better O_LARGEFILE logic, avoiding redefintion. * ports/cmake: + Require C99 (bug 360, among other points, thanks to Ozkan Sezer). + Fix broken O_LARGEFILE logic (bug 360). + Typo fix and cleanup, also manual SSE switch for Android on old x86 (bug 359). - Update to version 1.32.1 * Include man pages again in tarball and install. We cannot avoid the empty man directory when disabling programs with autoconf. * Fix signal handler prototype, avoiding some justified warnings. * ports/cmake: + Include CheckTypeSize, which seems to be needed sometimes + Avoid O_LARGEFILE redefinition, logic closer to autoconf. - Update to version 1.32.0 * build + Move version handling out of configure.ac to ease other build systems. + Include "fmt123.h" instead of <fmt123.h> in main API headers to make it more likely the correct one is included (at least gcc picks the one in the same directory as the including header first). + All headers are build-independent now. + Fix build for picky linkers by avoiding definition of wrap_getcpuflags() where it is not used (spurious linker error to non-exitent getcpuflags(), bug 353). + Handle deprecation of C99 detection macro in autoconf 2.70. + No use of AC_SYS_LARGEFILE anymore for explicit handling and differing choice for the libraries and frontend programs. + Added --enable-portable and --disable-largefile to configure, removing the other largefile-related options. + Added --disable-components --enable-libmpg123 to only build libmpg123 (and likewise --enable-libout123, - -enable-libout123-modules, --enable-libsyn123) to autoconf build. CMake build has something similar with BUILD_PROGRAMS and BUILD_LIBOUT123, which leave only libmpg123 and libsyn123 if disabled). + Consistent formatting of ./configure --help with AS_HELP_STRING(). * mpg123 + Added --libversion. + Added proper A-B looping with terminal control key 'o', renamed --pauseloop to --presetloop. + Really get rid of mpg123_position() usage. (It was all lies before!) + Fix terminal progress info when seeking in stopped mode (1.31 regression). + Patch up interaction of output buffer with generic remote control, adding non-interruptible drain after P 3, and dropping buffer on QUIT. + Uppercase some generic control replies for consinstency: SILENCE, PROGRESS, MUTE, UNMUTE * libmpg123, libout123, libsyn123 + Bumped API version for version query functions. + Replaced nearly all symbol renames with explicit INT123_ prefix declarations (intsym.h close to empty now). * libout123 + Add sleep builtin output module (silent, but proper timing). * libsyn123 + Introduced SYN123_PORTABLE_API for an API without off_t and ssize_t (see NEWS.libsyn123). * libmpg123 + Internal I/O using explicit largefile support via off64_t, lseek64, fallback to plain 32 bit off_t. + Added explicit 64 bit API with 64 suffix (mpg123_tell64(), not mpg123_tell_64()). This allows full avoidance of ambiguus off_t. The API is always using 64 bit integers, regardless of internal implementation. + Introduced MPG123_PORTABLE_API for an API subset without off_t and ssize_t. + Made mpg123_seek() and friends ignore offset sign for SEEK_END (always seeking towards beginning, assuming negative offset) to make lseek()-conforming usage possible. Seeking beyond the end never made sense, so no loss of valid functionality. * Overall use of INT123_strerror(), trying to use thread-safe strerror_l() if possible. ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - 15 sp4 currently uses open-vm-tools rpms from 15 sp3. As such, enable the spec file fix for bug (bsc#1205927) for 15 sp3 onwards. - open-vm-tools is built with containerinfo plugin from 15 sp3 onwards ==== openssl-3 ==== Version update (3.1.2 -> 3.1.3) Subpackages: libopenssl3 - Update to 3.1.3: * Fix POLY1305 MAC implementation corrupting XMM registers on Windows (CVE-2023-4807) ==== openssl ==== Version update (3.1.2 -> 3.1.3) - Update to 3.1.3 ==== ovmf ==== Version update (202305 -> 202308) Subpackages: qemu-uefi-aarch64 - Update to edk2-stable202308 - Features (https://github.com/tianocore/edk2/releases): CryptoPkg: consume OpenSSL 3.0 Replace the OVMF-specific SataControllerDxe with the generic one in MdeModulePkg Remove the duplicated definitions from BaseTools Arm GIC Library and Driver improvements Use restricted memory mappings in PEI Add SmmCpuFeaturesLib implementation for AMD Processor family Add USB Network RNDIS Drivers Support Standalone MM based variable services in PEI on ARM systems Add RISC-V MMU support Add RISC-V support to CLANGDWARF toolchain - Patches (git log --oneline --date-order edk2-stable202305..edk2-stable202308): 819cfc6b42 OvmfPkg/RiscVVirt: Fix issues in VarStore Blockmap config 00b51e0d78 MdeModulePkg: HeapGuard: Don't Assume Pool Head Allocated In First Page 48089f3a7c OvmfPkg/Bhyve: build platform info HOB eaffa1d7ff UefiCpuPkg:Wake up APs after power-up or RESET through SIPI. 1d76560146 OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi. 98e9d29e06 UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi 055c7bd1a7 UefiCpuPkg: Add SendStartupIpiAllExcludingSelf 991515a058 CryptoPkg: remove BN and EC accel for size optimization e91bfffd4f CryptoPkg/openssl: update CI config for openssl 3.0 46226fb5d3 CryptoPkg: remove strcmp to syscall c0aeb92663 CryptoPkg: run configure.py to update all generated files dfa6147a79 CryptoPkg: add more dummy implement of openssl for size optimization 2bead79cfc CryptoPkg: add implemention of _ftol2_sse() to avoid build error b2ff8e45db CryptoPkg: add define of maximum unsigned size_t 4b5faa5775 CryptoPkg: add missing gcc instructions 43e0ede26b CryptoPkg: Enable memcpy sys call in RISCV64 build f0d3e59754 CryptoPkg: Align with 4096 when build with OpensslFullAccel bdf3142eb7 CryptoPkg/TlsLib: use unsigned long for ErrorCode 20193b20b5 CryptoPkg: disable C4133 warning in openssl libraries bf1ff73c8c CryptoPkg: Add instrinsics to support building openssl3 on IA32 windows cea8e3b513 CryptoPkg: adapt 3.0 change in SslNull.c ea7a37d352 CryptoPkg: use UEFI provider as default 9b9b331e0f CryptoPkg: Move all UEFI implement of openssl to OpensslStub 5e1900f266 CryptoPkg/openssl: adapt EcSm2Null.c for openssl 3.0 174a306ccd CryptoPkg/openssl: store dummy update for openssl 3.0 3af00aec7f CryptoPkg/openssl: move compiler_flags to buildinf.c c638d1f672 CryptoPkg/openssl: adapt rand_pool.c to openssl 3.0 changes eac38f74c4 CryptoPkg/TlsLib: ERR_GET_FUNC is gone 2a6dc1211f CryptoPkg/BaseCryptLib: drop BIO_* dummy functions 63c8d160ae CryptoPkg/BaseCryptLib: adapt CryptSm3.c to openssl 3.0 changes. 84158d0ebe CryptoPkg/BaseCryptLib: no openssl deprecation warnings please ac492c3ead CryptoPkg/openssl: UefiAsm.conf update for openssl 3.0 81f5aa0700 CryptoPkg/openssl: add openssl3 configure scripts 7cede6d5f4 CryptoPkg/openssl: update Openssl*.inf files for openssl 3.0 49a113a7a4 CryptoPkg/openssl: cleanup all openssl1.1.1 generated files and code 9d6d237c3c CryptoPkg/openssl: update submodule to openssl-3.0.9 136931c4db MedPkg/Include: Add PCI_EXPRESS_EXTENDED_CAPABILITY_DVSEC_ID 3c274c0d83 MdePkg: Add new status codes to PrintLib 107ddf1de9 MdePkg: Add missing status codes 2d8c17a9b6 OvmfPkg/PlatformCI: Boot OVMF in SMP mode. bae848ee25 OvmfPkg/PlatformCI VS2019: Disable workaround for cpuhp bugfix 744c42bfd8 OvmfPkg/PlatformCI: Use recent Qemu on Windows 01ad4134c3 MdeModulePkg: Solve boot hang Xhci driver when use USB DVD with empty disk ef05145136 ArmPkg: DefaultExceptionHandlerLib: Do Not Allocate Memory 7672d1cca5 MdeModulePkg/SetupBrowser: Load storage via GetVariable for EfiVarStore fa789cc68a BaseTools: scan Edk2ToolsBuild.py make output 5cadb8ce21 BaseTools: BinToPcd: Resolve xdrlib deprecation d11968fcc5 MdeModulePkg/Bus/Ata/AtaAtapiPassThru: Fix UNUSED_VALUE Coverity issue c7c1170a45 MdeModulePkg/Bus/Ata/AtaAtapiPassThru: Fix SIGN_EXTENSION Coverity issue 677f2c6f15 OvmfPkg/RiscVVirt: Update README for CLANGDWARF support 3f49462558 BaseTools/tools_def: Add CLANGDWARF support for RISC-V 0f9fd06919 OvmfPkg/RiscVVirt: SecEntry: Remove unnecessary assembly directives 8543840cfd OvmfPkg/RiscVVirt: use 'auto' alignment and FIXED for XIP modules 70f3e62dc7 OvmfPkg/BhyvePkg: enable bus enumeration f284981506 Revert "OvmfPkg/Bhyve: remove IncompatiblePciDeviceSupport DXE driver" 1c923b9f25 Revert "OvmfPkg/Bhyve: consume PciHostBridgeLibScan" c7a7f09c1d UefiCpuPkg: Decouple the SEV-ES functionality. 25a6745fe8 RedfishPkg/RedfishDiscoverDxe: fix netmask check issue dcf05f958e MdePkg/Include/IndustryStandard: Remove VS20xx workaround 5309ddc83b EmulatorPkg/Win/Host: Fix RUNTIME_FUNCTION redefinition error 925c445fd3 OvmfPkg/RiscVVirt: Avoid printing hard coded timeout value 7427dd3fc0 OvmfPkg/RiscVVirt: Check "no-map" and mark EfiReservedMemoryType c6b512962e UnitTestFrameworkPkg: UnitTestPersistenceLib: Save Unit Test Cache Option b2de9ec5a7 CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1u 6510dcf6f7 NetworkPkg/HttpDxe: fix driver binding start issue. a52044a9e6 OvmfPkg/IoMmuDxe: add locking to IoMmuAllocateBounceBuffer 08aacbf056 OvmfPkg/CloudHv: update Maintainers.txt entry 4d1014093f UefiCpuPkg: Uses gMmst in MmSaveStateLib 39ded59c09 OvmfPkg/PeilessStartupLib: Updated with PcdSecureBootSupported 3399f64588 RedfishPkg/RedfishRestExDxe: reset session when TCP timeout happens dd49d448b0 MdeModulePkg/Bus/Pci/EhciDxe: Fix FORWARD_NULL Coverity issues f220dcbba8 UefiCpuPkg: RISC-V: Support MMU with SV39/48/57 mode cc13dcc576 OvmfPkg: RiscVVirt: Remove satp bare mode setting 33d0a3cc92 OvmfPkg/RiscVVirt: Add VirtNorFlashDxe to APRIORI list a8a72fc1ff OvmfPkg/RiscVVirt: SEC: Add IO memory resource hob for platform devices a9fc9bb466 OvmfPkg/RiscVVirt: VirtNorFlashPlatformLib: Fix wrong flash size fbec9aec00 MdePkg/Register: RISC-V: Add satp mode bits shift definition 7178047402 MdePkg/BaseLib: RISC-V: Support getting satp register value e674096acc OvmfPkg/ResetVector: Fix assembler bit test flag check ff3382a51c MdeModulePkg/Bus/Usb/UsbNetwork/UsbCdcNcm: Add USB Cdc NCM devices support 5e400d22a0 MdeModulePkg/Bus/Usb/UsbNetwork/UsbCdcEcm: Add USB Cdc ECM devices support fc0d5922f1 MdeModulePkg/Bus/Usb/UsbNetwork/UsbRndis: Add USB RNDIS devices support 8dab4eebe4 UefiPayloadPkg: Integrate UiApp and BootManagerMenuApp into MultiFv 964a4f032d UefiCpuPkg: Eliminate the second INIT-SIPI-SIPI sequence. 629c1dacc9 UefiCpuPkg: ApWakeupFunction directly use CpuMpData. 8bb018afaf UefiCpuPkg: Create MpHandOff. ... changelog too long, skipping 204 lines ... qemu-uefi-riscv64.bin ==== p11-kit ==== Version update (0.24.1 -> 0.25.0) Subpackages: libp11-kit0 p11-kit-tools - Add d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch: Fix probing of C_GetInterface. - Update to 0.25.0: * add PKCS#11 3.0 support * add support for profile objects * add ability to adjust module and config paths at run-time via system environmental exports * make terminal output nicer * p11-kit: add command to print merged configuration * p11-kit: add commands to list, add and delete profiles of a token * trust: add command to check format of .p11-kit files * virtual: fix libffi type signatures for PKCS#11 3.0 functions * server: fix umask setting when --group is specified * server: check SHELL only when neither --sh nor --csh is specified * rpc: use space string in C_InitToken * rpc: fix two off-by-one errors identified by asan * modules: make logging message more translatable * pkcs11.h: support CRYPTOKI_GNU for IBM vendor mechanisms * pkcs11.h: add IBM specific mechanism and attributes * pkcs11.h: add ChaCha20/Salsa20 and Poly1305 mechanisms * pkcs11.h: add AES-GCM mechanism parameters for message-based encryption * po: update translations from Transifex - Update upstream p11-kit.keyring file - Add missing lang files - Switch to using Meson as the build system ==== perl-HTTP-Message ==== Version update (6.44 -> 6.450.0) - updated to 6.45 see /usr/share/doc/packages/perl-HTTP-Message/Changes 6.45 2023-09-27 14:27:31Z - Allow for file ownership conflicts with Docker and GitHub Actions (GH#193) (Olaf Alders) - Add the 'status_code' function for getting all status codes as hash (GH#194) (Dai Okabayashi) ==== perl-Net-DNS ==== Version update (1.39 -> 1.400.0) - updated to 1.40 see /usr/share/doc/packages/perl-Net-DNS/Changes ==== php8 ==== Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - add missing references to rpm changelog - 15sp4 only: [bsc#1200772], [jsc#SLE-24723] add pecl, pear [jsc#SLE-23639] version update ==== polkit-default-privs ==== Version update (1550+20230912.0978001 -> 1550+20230920.74aeded) - Update to version 1550+20230920.74aeded: * udisks2: add additional NVME action (bsc#1214897) ==== python-alembic ==== Version update (1.11.2 -> 1.12.0) - Clean up the SPEC file - update to 1.12.0 * Added new feature to the "code formatter" function which allows standalone executable tools to be run against code, without going through the Python interpreter. Known as the `exec` runner, it complements the existing `console_scripts` runner by allowing non-Python tools such as `ruff` to be used. * Change the default value of `.EnvironmentContext.configure.compare_type` to `True`. As Alembic's autogenerate for types was dramatically improved in version 1.4 released in 2020, the type comparison feature is now much more reliable so is now enabled by default. * Fixed issue where the `ForeignKeyConstraint.match` parameter would not be rendered in autogenerated migrations. * Fixed issue where the `revision_environment` directive in `alembic.ini` was ignored by the `alembic merge` command, leading to issues when other configurational elements depend upon `env.py` being invoked within the command. * Added support for `op.drop_constraint()` to support PostgreSQL `ExcludeConstraint` objects, as well as other constraint-like objects that may be present in third party dialects, by resolving the `type_` parameter to be `None` for this case. Autogenerate has also been enhanced to exclude the `type_` parameter from rendering within this command when `type_` is `None`. ==== python-constantly ==== - Clean up the SPEC file - use unbundled versioneer to build package ==== python-greenlet ==== Version update (2.0.2 -> 3.0.0~rc3) - update to 3.0.0~rc3: * Fix an intermittent error during process termination on some platforms (GCC/Linux/libstdc++). * Fix some potential bugs (assertion failures and memory leaks) in previously-untested error handling code. In some cases, this means that the process will execute a controlled ``abort()`` after severe trouble when previously the process might have continued for some time with a corrupt state. It is unlikely those errors occurred in practice. * Fix some assertion errors and potential bugs with re-entrant switches. * Fix a potential crash when certain compilers compile greenlet with high levels of optimization. The symptom would be that switching to a greenlet for the first time immediately crashes. * Fix a potential crash when the callable object passed to the greenlet constructor (or set as the ``greenlet.run`` attribute) has a destructor attached to it that switches. Typically, triggering this issue would require an unlikely subclass of ``greenlet.greenlet``. * Python 3.11+: Fix rare switching errors that could occur when a garbage collection was triggered during the middle of a switch, and Python-level code in ``__del__`` or weakref callbacks switched to a different greenlet and ultimately switched back to the original greenlet. This often manifested as a ``SystemError``: "switch returned NULL without an exception set." * Python 3.12: Fix walking the frame stack of suspended greenlets. Previously accessing ``glet.gr_frame.f_back`` would crash due to `changes in CPython's undocumented internal frame handling * Make the platform-specific low-level C/assembly snippets stop using the ``register`` storage class. Newer versions of standards remove this storage class, and it has been generally ignored by many compilers for some time. See `PR 347 <https://github.com/python-greenlet/greenlet/pull/347>`_ from Khem Raj. * Add initial support for Python 3.12. See `issue <https://github.com/python-greenlet/greenlet/issues/323>`_ and `PR <https://github.com/python-greenlet/greenlet/pull/327>`_; thanks go to (at least) Michael Droettboom, Andreas Motl, Thomas A Caswell, raphaelauv, Hugo van Kemenade, Mark Shannon, and Petr Viktorin. * Remove support for end-of-life Python versions, including Python 2.7, Python 3.5 and Python 3.6. * Require a compiler that supports ``noinline`` directives. See `issue 271 <https://github.com/python-greenlet/greenlet/issues/266>`_. * Require a compiler that supports C++11. ==== python-netaddr ==== Version update (0.8.0 -> 0.9.0) - Update to version 0.9.0 Added: * Add hash capabilities to OUI. Fixed: * Backwards incompatible: Handle RFC 6164 IPv6 addresses (don't reserve first IP address in point-to-point subnets). * Technically backwards incompatible: Fix for is_loopback behaviour â consider IPNetwork('::1/128') to be loopback. * Fix print syntax in the documentation to be Python 3 compatible * Fix the Sphinx syntax in the documentation. Other: * Deprecate Python 3.6. * Eliminate unnecessary evals. ==== python-qt5-sip ==== Version update (12.12.1 -> 12.12.2) - Update to ABI version 12.12.2 * Match python-sip6-devel 6.7.10+ ==== python-reportlab ==== Version update (3.6.12 -> 3.6.13) - Update to 3.6.13 * fixes for python 3.12.0a1 * tables.py error improvement * allow exclusions in tests in runAll.py and setup.py * implement a safer toColor with rl_config.toColorCanUse option ==== python-tornado6 ==== Version update (6.3.2 -> 6.3.3) - Update to 6.3.3 * The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according to the relevant RFCs) to avoid potential request-smuggling vulnerabilities when deployed behind certain proxies. - Add py312-datetime.patch to fix build with Python 3.12 ==== rdma-core ==== Version update (47.0 -> 48.0) Subpackages: libefa1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to v48.0 - No release notes available. - Drop missing-quoting.patch which was fixed upstream. ==== rubygem-agama ==== Version update (3.devel43 -> 4) - Version 4 - Do not automatically probe after selecting a new product (gh#openSUSE/agama#748). - Use a single D-Bus service to expose the manager and the users settings (gh#openSUSE/agama#753, follow-up of gh#openSUSE/agama#729). - Do not crash when it is not possible to handle a product change in the manager service (related to bsc#1215197). - When selecting the product, do not perform any change if the product is still the same. - The software and the storage services do not dispatch actions during progress reporting anymore (related to bsc#1215197). - New storage proposal settings (gh#openSUSE/agama#738). - Extend the Ruby-based services logs with information about each step (gh#openSUSE/agama#732). - Raise the D-Bus service start timeout for troubleshoting purposes (related to bsc#1214737). - Adapt the locale and questions clients to use the same D-Bus service (gh#openSUSE/agama#729). - Respect UI locale in dbus services (gh#openSUSE/agama#725) - Copy the proxy configuration to the target system when needed (bsc#1212677, gh#openSUSE/agama#711). - Install the ppc64-diag package when running on ppc64le (related to bsc#1206898). - Set the manager service as busy during the startup phase (bsc#1213194). - Add proxy setup support (bsc#1212677, gh#openSUSE/agama#696). ==== sddm ==== Subpackages: sddm-branding-openSUSE - Remove unnecessary Requires(post*) - Config file changes: * No longer own sddm.conf. The migration for this conflicts with the other migration code, so: * Drop code for migrating from Current=maui (Leap <= 42.2) and the monolithic /etc/sddm.conf (Leap <= 42.3) - Add patch and drop unnecessary BuildRequirements of extra-cmake-modules and kf5-filesystem: * 0001-Drop-unnecessary-ECM-dependency-and-dead-uninstall-t.patch - Split the greeter into a subpackage and use _multibuild to build both daemon and greeter for Qt 5 and Qt 6. Add patches to allow for greeter coinstallation: * 0002-Make-sddm-greeter-for-Qt-5-and-Qt-6-coinstallable.patch * 0003-Let-themes-specify-the-used-version-of-Qt.patch - Refresh 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch - Don't set CMAKE_BUILD_TYPE=Release - Make branding packages noarch - Add %check ==== sdl12_compat ==== Version update (1.2.64 -> 1.2.68) - Update to release 1.2.68 * sync dr_mp3 with mainstream * Add null check to SDL_LoadWAV_RW to avoid crashes * Add quirk entry: deactivate GL scaling for Trine (2011 Humble Bundle version) and Mark of the Ninja (HB) * Add quirk entry: set Hyperspace Delivery Boy to run in 16bpp mode * Add quirk handling: add ability to force XInitThreads before main() * Allocate the video surface object statically as a global * Add a hint to clamp the reported screen bit depth ==== smartmontools ==== - Do not quit with an error when no drives to monitor are available (bsc#990406 bsc#1167051). - Add smartd_service_dont_quit.patch - Refresh harden_smartd.service.patch - Run through spec-cleaner, use autosetup ==== stoken ==== Version update (0.92 -> 0.93) - Version update to 0.93: * upstream moved to github * Drop support for versions of nettle older than 2014 * Further v4 token work * fixes in README * Add --both option to print current and next token * Support for v4 token decode * Remove bashisms (Alon Bar-Lev) ==== swtpm ==== Version update (0.8.0 -> 0.8.1) Subpackages: swtpm-selinux - Update to version 0.8.1: - swtpm: - Restore logging to stderr on log open failure - swtpm_setup: - Exit with '0' upon --version rather than '1'. - Initialized @argv in get_swtpm_capabilities() - swtpm_localca: - Add missing NULL option to end of array - SELinux: - Add rules for user_tpm_t:sockfile to allow unlink - Add rules for sock_file on user_tmp_t ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-container systemd-coredump udev - systemd.spec: during package updates, restart localed, timedated and hostnamed if they're running. - systemd.spec: when enabling units prefer enabling service units over socket ones for socket activable services. The services shipped by systemd automatically redirect the enablement request to the socket unit. ==== tracker ==== Subpackages: libtracker-sparql-3_0-0 tracker-data-files typelib-1_0-Tracker-3_0 - use pkgconfig(icu-i18n) to use the current libicu. (jsc#PED-6193) ==== tuned ==== Version update (2.20.0.18+git.7b1a20b -> 2.21.0.0+git.670541d) - Update to version 2.21.0.0+git.670541d: * new release (2.21.0) * api: fixed stop method not to require any parameter * new release (2.21.0-rc.1) * gui: multiple fixes and warnings removal * gui: fixed inconsistent tabs and spaces, introduced by #516 * Serialize SIGHUP processing * No errors when physical_package_id file does not exist * Update tests: disable systemd rate limiting. * network-latency: enable rcu_normal_after_boot=1 kernel parameter * remove ktimer_lockless_check sysfs setting from realtime-virtual profiles * move rtentsk to network-latency profile * move "tsc=reliable" setting from realtime to network-latency tuned configuration * unify common sysctl settings between realtime and cpu-partitioning profiles * Rename rollback-related constants and variables * Add rollback option to tuned-main.conf * Recast README into MarkDown with various minor corrections and improvements * Remove setting ip forwarding via openshift profile * Fix logging in [scheduler] plug-in * fixed sap-hana docu regarding processor power settings * Added sap-hana-kvm-guest profile * tests/beakerlib: Add new test which covers socket API. * plugin_net: expand variables properly * fix typo * add error dialog when no active profile set ==== udisks2 ==== Version update (2.9.4 -> 2.10.0) Subpackages: libudisks2-0 libudisks2-0_btrfs - Add Obsoletes tags for libudisks2-0_bcache and libudisks2-0_zram modules, dropped on latest version bump, so they get removed from end users' systems upon system upgrade. - Drop unnecessary/discouraged %{?systemd_requires} from spec file. - Update to version 2.10.0: + This release brings large number of internal changes, while keeping the promise of API stability. This development cycle was mostly driven by libblockdev 3.0 API overhaul. + Partitioning was ported to libfdisk. + The kbd and vdo libblockdev plugins were removed and so were zram, bcache and vdo udisks modules. + Definition of supported filesystems was moved to libblockdev and filesystem operations were unified. + Native NVMe support has been added through libnvme. + Syntax of configurable mount options was extended to separate filesystem signature and filesystem driver used for mounting. + A number of workarounds was placed around the org.freedesktop.UDisks2.Filesystem.Size property value retrieval to avoid excessive I/O traffic whenever possible. + Bash and Zsh completion enhancements. + lvm2 module uevent handling improvements. + ATA Secure Erase is now allowed only on top-level block objects. + Extra iSCSI node parameters are now honoured properly. + FIPS mode fixes. + Added support for resolving devices by PARTLABEL and PARTUUID. + Full support for setting filesystem and partition UUIDs. + Dynamic mountpoint name sanitization and ACL fixes. + Added support for LVM2 RAID. + UUID of Bitlocker volumes is now properly exposed. + Added an option to force/avoid creation of mdraid write-intent bitmap. + Updated translations. - Drop default_luks_encryption macro definition. It's no longer needed as upstream defaults to LUKS2 now. - Drop bcache, vdo and zram sub-packages, following upstream changes, and libblockdev-kbd(-devel) BuildRequires/Requires. - Drop bogus build requirement on libblockdev-lvm-dbus-devel, and move libblockdev-lvm-devel BuildRequires to the lvm2 module sub-package. - Move libconfig and libstoragemgmt pkgconfig() BuildRequires to the lsm module sub-package, and libblockdev-btrfs-devel BuildRequires to the btrfs modules sub-package, which is where they belong. - Add libblockdev-nvme-devel BuildRequires and libblockdev-nvme Requires as new required dependencies. - Drop harden_udisks2-zram-setup@.service.patch: It's unneeded now that the zram module has been deprecated. - Drop merged upstream patches: 0001-udisksata-Move-the-low-level-PM-state-call.patch, 0001-udiskslinuxfilesystem-Make-the-size-property-retriev.patch, 0001-udiskslinuxmountoptions-Do-not-free-static-daemon-re.patch, 0001-udiskslinuxprovider-Only-update-related-objects-on-u.patch. - Split Bash and Zsh (new to this release) completion scripts to sub-packages of their own. - Amend GPL-2.0-or-later License tags to LGPL-2.0-or-later for the btrfs, lvm2 and lsm UDisks modules sub-packages. This correction is based on what's explicitly stated on the source code from UDisks modules' folders under the modules/ top-level directory. ==== unar ==== - use pkgconfig(icu-uc) to use the current libicu. (jsc#PED-6193) ==== vsftpd ==== - Enable crypto-policies support: [bsc#1211301] * Add vsftpd-use-system-wide-crypto-policy.patch ==== xdg-utils ==== Version update (1.1.3+20230830 -> 1.1.3+20230831) - Update to version 1.1.3+20230831: * Revert putting process in background from !55 - revert _service to the original state - revert drop of xdg-terminal-don-t-run-kreadconfig-if-KDE_SESSION_VE.patch (bsc#1215384) ==== yast2-bootloader ==== Version update (4.6.2 -> 5.0.2) - Fixed testsuite for architectures other than x86_64. - 5.0.2 - Supporting systemd-boot for architecture x86_64. This feature can be enabled/disabled by the "enable_systemd_boot" flag in the product description file for each product (default is disabled). - 5.0.1 - 5.0.0 (#bsc1185510) - support 32 bit UEFI firmware on x86_64/i386 architecture (bsc#1208003, jsc#PED-2569) - 4.6.3 ==== yast2-installation ==== Version update (4.6.7 -> 5.0.1) - Adapt code for changes in yast2-bootloader done for systemd-boot experimental support (jsc#PED-1906) - 5.0.1 - 5.0.0 (#bsc1185510) ==== yast2-python-bindings ==== Version update (4.6.0 -> 5.0.1) - Fix inspect.getargspec() removed in python3.11; (bsc#1215226); - 5.0.1 - 5.0.0 (#bsc1185510) ==== yast2-schema ==== Version update (4.6.1 -> 5.0.1) - Added several LUKS-related elements to the partitioning schema (jsc#PED-3878, jsc#PED-5518). - 5.0.1 - 5.0.0 (#bsc1185510) ==== yast2-storage-ng ==== Version update (4.6.12 -> 5.0.1) - AutoYaST: official support for LUKS2 (jsc#PED-3878, jsc#PED-5518) - 5.0.1 - 5.0.0 (#bsc1185510) ==== yast2-trans ==== Version update (84.87.20230913.43f962446c -> 84.87.20230922.91d997adab) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230922.91d997adab: * New POT for text domain 'packager'. * New POT for text domain 'iscsi-client'. ==== yast2-users ==== Version update (4.6.4 -> 5.0.1) - Don't use obsolete method Dir.exists? (bsc#1215637) - 5.0.1 - 5.0.0 (#bsc1185510)